When I talk to reporters, they seem to focus quickly on security concerns around cloud computing, especially the public cloud. Mostly they cite recent well-publicized breaches such as Sony Pictures, Home Depot, and more recently, Anthem.
They got hacked, so clouds are more vulnerable, right? Wrong.
As I’ve said many times, the degree of security -- whether within cloud-based or on-premises systems -- is determined by two factors. One is the planning and technology that goes into engineering the security solution. The other is the organization's ability to operate systems in proactive and secure ways.
To be honest, I’m getting frustrated with the constant questions about cloud security. I’ve learned to respond with a quick question: Why do you think your data is less secure in a public cloud?
Although that response is a bit passive-aggressive on my part, I’m actually interested in the answer. For the most part, the cited reason is that the data is no longer in your direct control, which somehow makes it more vulnerable.
The truth: Although you may not control the data on your premises, you still own and control the data. You may not be able to visit the data center and have lunch in the server room, but you still can control both the data and the layers of security safeguarding it. I’ve yet to see a public cloud provider that does not allow this configuration. No, your data is only as vulnerable as your security protocols, cloud or not.
Although I don’t see massive data breaches in public clouds, I see businesses use public clouds improperly. The largest threat to security is the lack of qualified cloud developers, engineers, architects, and security experts who understand how to make cloud-based systems secure.
Dumb mistakes are much more of a threat than data breaches. As more enterprise systems move to the cloud, we’re bound to see more of those mistakes.